Malware on the Mac?

Guys, I have a question: it seems that I got caught on a scam website (I think it was a DNS site spoofing, the link was to vk.com), Safari has frozen the entire Mac system (on an M-series chip, never happened to me before), I had to turn off the Mac (the device has not responded to any hotkey), then I closed all the tabs, rebooted the computer, ran the Avast Security scan (which is supposed to protect against this stuff, but I have a free version), which did not detect any malware, but my bad feeling is still there. I am running MacOS Monterey, because the computer came with this version by default, and I don't really want to update to Ventura, but maybe the update will strengthen protection and erase a possible hidden virus? Or is it just paranoia? What do you think?

MacBook Pro (2021)

Posted on Jul 6, 2023 1:47 PM

Question marked as Top-ranking reply

Posted on Jul 6, 2023 2:07 PM

A couple of things:

  • Remove Avast Security using their uninstaller. This will only cause you problems and obviously does not help at all. No Anti-Virus or Cleaners should be installed on a Mac.
  • Update to Ventura. This is where you are going to get the maximum security.
  • After that has been done, review these Safari settings:
    1. Safari > Settings > Extensions. Remove or disable all.
    2. Safari > Settings > Websites > Notifications. Deny notifications for all sites. If you have a specific need for a known site, then you can allow it after you are sure the problem is solved.
    3. Safari > Settings > Windows > Pop Up Windows. Only allow Pop Ups from known sites.


That should do it. If you are still having trouble or want to be certain there is nothing running in the background, download EtreCheck and post the report here using the "Additional Text" option when posting. You should just do the free scan to create a diagnostic report and there is no need to have it installed to run on every launch.

Using EtreCheck

Jul 6, 2023 2:25 PM in response to SuicideBonaparte

Review this support article:

OS SYSTEM content triggers antivirus prog… - Apple Community


As stated, you need to remove Avast using their uninstaller and continue with the other recommendations.


There is only 1 Malware scanner that should be used only on the occasion that you suspect trouble and that is MalwareBytes. You would only want to do the free one time scan and never have it run constantly on startup. It will remove any Malware and I again emphasize to never have it run constantly on startup and never use AntiVirus or Cleaner software.

Jul 7, 2023 7:10 AM in response to SuicideBonaparte

I really can't add to the excellent post by etresoft, but since I suggested for your issue that MalwareBytes and EtreCheck could be useful to ease your concerns, I feel I need to respond. There is Malware/Adware out there, with SearchMarquis being one such Adware. These get installed by the user over a fake concern that you have a virus or by clicking on a fake "Flash Player Update" message. They can be removed by yourself without any additional software needed by Denying the Notification in Safari settings for the nefarious website that you allowed the notification from and by going through your LaunchDaemons, LaunchAgents, and Application Support folders and deleting the problem files.


MalwareBytes will remove these using the free scan without any work done by you. I only recommended the one time scan that would clean up any Malware/Adware that you may have allowed. I don't think anything should be installed that monitors your activity constantly and that includes MalwareBytes and it is not required to be used that way with the free scan. EtreCheck is an excellent diagnostic tool for showing you what files are running on launch, CPU usage, recently installed apps, recent panic reports, and more. The report it provides is very useful in forums like these to assess a user's system by others in ways that would not be possible. The average user will not have any idea what needs to be done by reviewing the report. Others that are familiar with the OS can spot files that should not be running and direct you to remove specific files. Etresoft said he believes you should not use his software because of fears that you are looking for problems with your system that you do not have. This is evident when you post a link for ComboCleaner claiming that you have a virus and need their software to remove it. It has been recommended here to never install Cleaner/Anti-Virus software and that includes ComboCleaner.


The people who have installed Malware/Adware know it immediately, they will have constant virus notifications or constant ads popping up that restrict all of their searches. If you just think you may have Malware, then you probably don't, since their purpose is to make themselves known by generating ad revenue or getting you to purchase software. In only those situations my recommendation remains the same. Run the free scan of MalwareBytes to clear the problem or post the EtreCheck report here for advice on what you need to do. After that, learn from your mistakes that caused the problem and you will not need to run either program again.
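The manual review described in the reply above (going through the LaunchAgents and LaunchDaemons folders), as an added example that is not part of the original thread or of EtreCheck or MalwareBytes: it parses each launchd job file and lists reasons a job may deserve a closer look. The heuristics, the function names and the `com.example.*` sample jobs are assumptions constructed for illustration.

```python
import plistlib
from pathlib import Path

# Standard launchd locations a user can modify; /System/Library is omitted
# because it lives on the sealed, read-only system volume.
DEFAULT_DIRS = [Path.home() / "Library/LaunchAgents",
                Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]

# Assumed review heuristics for this example, not an Apple or EtreCheck rule set.
WRITABLE_HINTS = ("/tmp/", "/Users/Shared/", "/Library/Application Support/")

def program_of(job):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    args = job.get("ProgramArguments") or [None]
    return job.get("Program") or args[0]

def review_reasons(prog, exists):
    """Reasons a job deserves a manual look; an empty list means none found."""
    if not prog:
        return ["no program specified"]
    reasons = []
    if any(hint in prog for hint in WRITABLE_HINTS):
        reasons.append("runs from a user-writable location")
    if any(part.startswith(".") for part in Path(prog).parts[1:]):
        reasons.append("runs from a hidden path")
    if not exists(prog):
        reasons.append("program missing on disk")
    return reasons

def audit_launch_items(dirs=DEFAULT_DIRS, exists=lambda p: Path(p).exists()):
    """Parse every launchd plist in dirs and return one finding per file."""
    findings = []
    for plist in sorted(p for d in dirs for p in Path(d).glob("*.plist")):
        try:
            with plist.open("rb") as fh:
                job = plistlib.load(fh)  # handles XML and binary plists
            prog = program_of(job)
            finding = {"file": plist.name, "label": job.get("Label"),
                       "program": prog, "reasons": review_reasons(prog, exists)}
        except Exception:  # malformed file or unexpected root type
            finding = {"file": plist.name, "label": None, "program": None,
                       "reasons": ["unreadable plist"]}
        findings.append(finding)
    return findings

def write_sample(root):
    """Write constructed sample plists (not taken from any real system)."""
    jobs = {
        "com.example.helper.plist": {"Label": "com.example.helper",
            "Program": "/Applications/Example.app/Contents/MacOS/helper"},
        "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Users/Shared/.cache/updater", "--daemon"]},
    }
    for name, job in jobs.items():
        (Path(root) / name).write_bytes(plistlib.dumps(job))
    (Path(root) / "broken.plist").write_bytes(b"not a plist")

if __name__ == "__main__":
    for f in audit_launch_items():
        if f["reasons"]:
            print(f["file"], f["program"], "; ".join(f["reasons"]))
```

A reason in the output is a prompt to inspect that job file by hand, not a verdict that it is malicious; plenty of legitimate software runs helpers from Application Support.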

Jul 7, 2023 8:20 AM in response to SuicideBonaparte

SuicideBonaparte wrote:

I eventually decided to erase the drive and reinstall the entire system as a precaution (as the Apple official call center recommended me to do). Now I'm going to upgrade to Ventura. Everything seems to work fine (there are still some small lags due to loading content from iCloud), and there are not any notifications. I'll ask a straightforward question: should I still try MalwareBytes / EtreCheck (to be sure), or is there no necessity? I want the utmost clarity, because the message from etresoft is a bit muddled. As I understood, Avast is also completely unneeded and the Mac can be left pristine clean? (as a long-time Windows user, it is extremely uncomfortable for me) Right? Just need a straight answer from an expert for a logical conclusion to this whole situation.

You need to understand the definition of "virus". Do not use any third party antivirus app. AVAST is one such app. Malware is different and if you install malware, Etrecheck and/or MalwareBytes can help you identify and remove that installed malware.

You have been advised multiple times in this thread to uninstall AVAST. It, and other third party antivirus apps report false positives, and use scare tactics to get you to part with your money. These antivirus apps provide no benefit and they may cause problems.

Jul 7, 2023 11:09 AM in response to SuicideBonaparte

So, to summarize, are you saying that the security of the Apple system is practically faultless and only I personally can breach its security, not some hackers through phishing sites?

Compared to most systems over the years, yes, macOS and iOS are practically bulletproof.


There are of course caveats to that statement. For both, the main flaw is the user. The only way to make any OS truly invulnerable is to only allow the user to never write a single thing to the system. No software, no personal files, nothing. That would even include the ability to enter info to purchase things online since any access is a possible way to exploit the system or the user. But then it would only be a reference tool you can't get anything done on.


Google is already attempting this with their Chromebooks. There is no user accessible OS. The interface is a web browser. The system on the device is only the bare bones software necessary to access Google's servers. From there, every single thing you do is remote. Okay, they've taken the user out of the equation, but that doesn't put intrusion to Google's servers out of reach. So there's still a way to get at the user data, but with the added bonus in a successful attempt to get at hundreds or thousands of user personal data all at once instead of one at a time.


Basically, you have to let go of the thinking that is Windows. It's come a long way the past 5 to 10 years, but it's still the most exploitable OS in the world. Microsoft itself is the main reason for that. Large, very large companies with legacy software insist MS not break their 20 - 40 year old custom software. MS complies because that is thousands of seats for just one of many such companies, which translates to millions of dollars in OS and production software upgrades and updates. But that also means apps that still use real memory instead of protected memory are still being coddled by Windows. Legacy 8 and 16 bit software still need to run at least in the MS-DOS prompt window. All of this translates to ancient code that can't be dumped, but is easily exploited.


So, what do you do? It's actually very easy.


  1. Never, never, ever download anything from P2P, file sharing or pirate sites. That's where all of the really nasty malware is. Such as back doors, ransomware, key loggers and the like jammed into installers for cracked commercial software.
  2. Only install software obtained legitimately from the vendor's site.


That's really all it takes, other than the usual awareness of scam emails, texts and messages.


And just to clarify an oft repeated misnomer.


Malware is NOT a threat unto itself. A person can't say you may have a virus or other malware when a virus IS malware. They are one and the same.


Malware is simply short for malicious software. That's anything you don't want on your computer. All of these are malware and everything falls under three main categories:


Virus

Trojan

Worm


There are no Mac viruses. Haven't been since the release of OS X 10.0. There's only been one known worm, and that was patched against over a decade ago.


Everything else out there the user can screw their Macs up with all by themselves are Trojans. Which is any software the user must download and install. It can't get there by itself. And that's everything that's been mentioned:


Adware

Key logger

Back door

Ransomware

Etc.


If you have to download and install it, whether you were aware you did it or not, it's a Trojan.

Jul 6, 2023 3:03 PM in response to SuicideBonaparte

SuicideBonaparte wrote:

upd. Avast's in-depth scan detected three infected (?) files with the same name: MacOS AdAgent-EC [Adw]. But the Avast software can't remove them because these files are protected. Is it a virus, or is it part of the MacOS system?

Those aren't names. Those are just cryptic antivirus codewords for whatever they claim to be detecting. They are absolutely useless.


If the software told you what the actual file names were, then that would be useful. But if they are protected, then they are probably part of the operating system. The macOS operating system already has protection against this kind of error by 3rd party antivirus.


You don't have any malware installed and you don't have any problem. I don't know what exactly happened when your computer first locked up. I'm not sure what "hotkey" you tried. Apps can lock up and sometimes have to be force quit. See this page for more information: How to force an app to quit on your Mac - Apple Support


Jul 7, 2023 8:15 AM in response to Mac Jim ID

I eventually decided to erase the drive and reinstall the entire system as a precaution (as the Apple official call center recommended me to do). Now I'm going to upgrade to Ventura. Everything seems to work fine (there are still some small lags due to loading content from iCloud), and there are not any notifications. I'll ask a straightforward question: should I still try MalwareBytes / EtreCheck (to be sure), or is there no necessity? I want the utmost clarity, because the message from etresoft is a bit muddled. As I understood, Avast is also completely unneeded and the Mac can be left pristine clean? (as a long-time Windows user, it is extremely uncomfortable for me) Right? Just need a straight answer from an expert for a logical conclusion to this whole situation. The idea of running diagnostics through Etrecheck might be a tempting idea, but if you're saying that Avast, a world famous software, is garbage, then how can I trust my personal laptop to an unknown to me (and most users) software?

Jul 7, 2023 4:46 AM in response to SuicideBonaparte

SuicideBonaparte wrote:

On another forum someone recommended me to erase the hard drive and reinstall the OS. Is it worth doing this after the supposed attack on the OS (when everything seems to be working fine now), or is it a waste of time and unnecessary load on the laptop?

It's a waste of time.

All I have learned from the comments here is that anti-viruses on the Mac are useless. Okay, but then what should I do after the supposed attack?

There was no attack.

How can I be calm now?

Yoga? Meditation? Some "calmness" app? Re-enable that silly "breathe" notification on your Apple Watch?

How can I know that my files are safe?

You don't know that they are. Just because your 3rd party antivirus freaked out over a few Apple system files doesn't mean that you don't have malware installed. Those are two distinct, and completely separate events.

Avast at least says that the computer is protected, and can the system tell me that by default? I don't really believe that a computer with an open system can be that untouchable. Even if we're talking about Apple.

It isn't an open system. The operating system is stored on a cryptographically sealed, read-only volume. Apple's files are safe from damage from your 3rd party antivirus. But again, I have no idea if you actually have malware installed or not. Your files are not protected. But according to your description, Avast wasn't saying that your files were infected, it was saying that those cryptographically secure Apple files were infected.


From my own data, I can tell you that over half of EtreCheck users have 3rd party antivirus installed. Less than 20% of EtreCheck users have any malware. But half of those users with malware also have antivirus installed. But generally speaking, most users with antivirus have fewer instances of malware installations than those who don't. But that's "most users". Unfortunately for you, Avast users are actually more likely to have malware installed than users of other 3rd party antivirus products or even than people who don't have any 3rd party antivirus at all.

Just to be clear, I didn't download anything, I just followed the link and did a couple of tabs, which unexpectedly freezes the computer (unprecedented for me). I didn't agree to anything, and I didn't enter any passwords anywhere. Should I be worried in my case?

You don't need to be worried. Maybe you just needed to click on some different window before trying the three-finger salute.

This resource writes that the MacOS AdAgent-EC [Adw] file is a kind of virus: https://www.combocleaner.com/viruses/adware/adware-mac-osx-agent/

That's not a resource, it's advertisement.

I am guessing that this is wrong?

Yes, it's wrong.


By your logic, I shouldn't download either MalwareBytes or EtreCheck.

His logic is sound. I can't speak for MalwareBytes, but I don't think you should download EtreCheck. EtreCheck is useful to help people remove malware infections. It is so effective that I can use it to evaluate the effectiveness of other 3rd party antivirus products like Avast. As an Avast user, there is an 87.52% chance that you don't have any malware installed. But if you choose to go looking for problems with EtreCheck, then you'll become a problem for me. And I don't need any more problems, so don't do that.

Jul 7, 2023 8:07 AM in response to SuicideBonaparte

SuicideBonaparte wrote:

What do you mean I will become a problem for you?

I'm the developer of EtreCheck. If you download the app, then you're my customer. If you are having a specific problem, then EtreCheck may be able to help. If you are looking to create a problem, then I want no part of it.


Through a lot of hard work by 3rd party security companies, Apple's competitors, and social media influencers, Apple users have become increasingly paranoid about security issues. Whether it be antivaxxers, qanon, or other conspiracy theories, it's always awkward when internet paranoia takes over someone in real life. We see that on a regular basis here in the forums.


Where you go from now is up to you. You can go down into that conspiracy rabbit hole if you want. Just don't use EtreCheck if you take that path. Or you can put your faith in Apple. If you use Apple's default security settings, you can still get malware installed on your computer, but you really have to make a serious, concerted effort to make it happen. It won't just show up one day. You must install it, on purpose, to win some prize, watch some video, or run some app that would otherwise cost a lot of money. You will have to bypass multiple Apple security alerts. But in the end, Apple will let you install the malware if you insist.

Jul 7, 2023 8:18 AM in response to SuicideBonaparte

If you ended up doing a complete install, then there is no need to run EtreCheck or MalwareBytes. As I said, you will know if you have Malware/Adware, since their source of income is constant prompting of software for you to install or constant redirection from Safari to sites that are relentlessly popping up ads. It will be excessive and cripple the normal use of your Mac by bombarding you with prompts for them to make money off of you and the scare tactic of an installed virus is the one that people will usually fall for. Don't be one of those people.

Jul 6, 2023 2:49 PM in response to SuicideBonaparte

I don't recommend having any apps installed to run on startup to monitor your system. This is a waste of resources when the Mac does a great job of protecting you from viruses. With that said there are times where a user will recklessly install some malware and MalwareBytes will remove it. The lesson is not to do that again. There will not be any software out there that is going to protect you from doing something you should not do by monitoring your activities. That is on you.

Jul 6, 2023 3:00 PM in response to SuicideBonaparte

Technically, there are no limits. It will do the same scan for malware as the paid version. The only difference is after the trial period ends, the auto-watchdog service stops. And really, all that's for is to try and stop reckless users from installing and running things like ransomware.


Otherwise, MalwareBytes' main function is to try and remove malware you've already installed, not prevent it.

Jul 7, 2023 12:57 AM in response to SuicideBonaparte

On another forum someone recommended me to erase the hard drive and reinstall the OS. Is it worth doing this after the supposed attack on the OS (when everything seems to be working fine now), or is it a waste of time and unnecessary load on the laptop?


All I have learned from the comments here is that anti-viruses on the Mac are useless. Okay, but then what should I do after the supposed attack? How can I be calm now? How can I know that my files are safe? I don't know much about MalwareBytes and downloading little-known software to my device is not the most preferable option for me in this situation. Avast at least says that the computer is protected, and can the system tell me that by default? I don't really believe that a computer with an open system can be that untouchable. Even if we're talking about Apple.


Just to be clear, I didn't download anything, I just followed the link and did a couple of tabs, which unexpectedly freezes the computer (unprecedented for me). I didn't agree to anything, and I didn't enter any passwords anywhere. Should I be worried in my case?


This resource writes that the MacOS AdAgent-EC [Adw] file is a kind of virus: https://www.combocleaner.com/viruses/adware/adware-mac-osx-agent/


I am guessing that this is wrong?
